如何强制用户使用带有少密码电话登录功能的MS Authenticator? [英] How to enforce users to use MS Authenticator with Password less phone sign-in?

问题描述

你好

我们计划在云中用Azure MFA替换Azure MFA Server，现在我们正在寻找一种可以代替管理员使用的PIN码(电话+ PIN)的解决方案. MS Authenticator看起来很有前途，但这是我们无法回答的两个问题，因此我们 需要一些帮助.

We plan to replace Azure MFA Server with Azure MFA in the Cloud and now we are looking for a solution that can be used instead of PIN code (Phone call + PIN) for Admins. MS Authenticator looks promising but here are 2 questions we can't answer, so we would need some help, please.

如果启用了身份验证器验证方法，我们如何确保管理员将使用MS Authenticator应用而不是另一个Authenticator应用进行登录?如果使用MS Authenticator，可以使用带有设备注册功能的电话接听，但是 如何强制管理员在未注册的设备上使用电话接收，而不是其他Authenticator应用.综上所述:我们想实现管理员将使用电话信号输入"功能.在已注册的/Intune托管设备上使用MS Authenticator应用程序.

How can we make sure Admins will use MS Authenticator app and not another Authenticator app to login if the Authenticator verification method is enabled? Phone sing-in with device registration is nice to have in case of MS Authenticator but how to enforce Admins to use phone sing-in and not another Authenticator app on a nonregistered device. To sum it up: we want to achieve that Admins will use "phone sig-in" with MS Authenticator app on a registered / Intune managed device.

谢谢获得支持.

推荐答案

Gabor Nyers，

Hi Gabor Nyers, 

您可以使用条件访问"来创建既需要多因素身份验证又要符合设备要求的策略.如果要对内部应用程序使用条件访问，建议您看一下Azure AD应用程序 代理.

You could use Conditonal Access to create a policy that requires both multifactor authentiaction and that the device is compliant. If you want to use Conditional Access to internal applications you would recommend you to take a look at Azure AD Application Proxy.

https://docs.microsoft.com/en-us/azure /active-directory/conditional-access/overview

https://docs.microsoft.com/en-us/intune/device -compliance-get-started

https://docs.microsoft .com/en-us/azure/active-directory/manage-apps/application-proxy-publish-azure-portal

这篇关于如何强制用户使用带有少密码电话登录功能的MS Authenticator?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！